During deleting program, error message come out (minlogon)

Guest · Aug 21, 2004

"When deleting any program in the add/delete, this error message come out.
The XPE image basic language is Korean.
So, the translated error message -
"program error - because of error popping up from known itâ€™s closed.
The program should restart"

We're using minlogon.
The most important reason that we select minlogon is that boot time.
With using the minlogon, we expect that error disappeared.

Which component is affecting for this error?

KM · Aug 21, 2004

lins77,

You meant "Add/Remove Programs" control panel applet does not work properly
on a milogon image. Did I get it right from your post?
Frankly, the error message translation you mentioned below does not make
much sense. If you could repro the problem on english version, that would
help.

Anyway.. I can give you many reasons why "Add/Remove Programs" does not work
on minlogon image but basically there is a bunch of dynamic dependencies you
have to satisfy in oder to use the applet properly.
I have not tried the applet on minlogon image and can't tell you for sure
whether it is good to be run under minlogon.
But here is some hints for you:
- "Add/Remove Programs" is appwiz.cpl. So explore dynamic dependencies
of that binary.
- A quick glance at the appwiz.cpl binary shows that it instantiates
some come objects like AppManager (appmgr.dll) and etc. This mean you may
want to include components like: Software Installation Group
Policy Extension, [Visibility=1000]
Software Installation Group Policy MMC Snap-In, [Visibility=1000]

Again, this is just a quick glance. If you explored the component more
carefully you would probably find many more dynamic dependencies including
various COM objects.
I am not saying it can't work with minlogon but the point is that it is a
lot of components you may need to add to your configuration in order to run
the AppWiz.
- if it works for you on a Winlogon image. Include Winlgon in your
configruration, resolve its dependencies, remove Winlogon and add Minlogon.
This may help you to run the applet.

Regards,
KM

KM · Aug 21, 2004

And I forgot to mention that you will definitely need such components like
"Shell32" and "SetupAPI" in your image.

Also, use Regmon/Filemon tools (www.sysinternals.com) to find out the
missing pieces of the AppWiz on your image run time.

KM

lins77,

You meant "Add/Remove Programs" control panel applet does not work properly
on a milogon image. Did I get it right from your post?
Frankly, the error message translation you mentioned below does not make
much sense. If you could repro the problem on english version, that would
help.

Anyway.. I can give you many reasons why "Add/Remove Programs" does not work
on minlogon image but basically there is a bunch of dynamic dependencies you
have to satisfy in oder to use the applet properly.
I have not tried the applet on minlogon image and can't tell you for sure
whether it is good to be run under minlogon.
But here is some hints for you:
- "Add/Remove Programs" is appwiz.cpl. So explore dynamic dependencies
of that binary.
- A quick glance at the appwiz.cpl binary shows that it instantiates
some come objects like AppManager (appmgr.dll) and etc. This mean you may
want to include components like: Software Installation Group
Policy Extension, [Visibility=1000]
Software Installation Group Policy MMC Snap-In, [Visibility=1000]

Again, this is just a quick glance. If you explored the component more
carefully you would probably find many more dynamic dependencies including
various COM objects.
I am not saying it can't work with minlogon but the point is that it is a
lot of components you may need to add to your configuration in order to run
the AppWiz.
- if it works for you on a Winlogon image. Include Winlgon in your
configruration, resolve its dependencies, remove Winlogon and add Minlogon.
This may help you to run the applet.

Regards,
KM

"When deleting any program in the add/delete, this error message come out.
The XPE image basic language is Korean.
So, the translated error message -
"program error - because of error popping up from known it's closed.
The program should restart"

We're using minlogon.
The most important reason that we select minlogon is that boot time.
With using the minlogon, we expect that error disappeared.

Which component is affecting for this error?

Click to expand...

Guest · Aug 25, 2004

Dear KM:
This is 3rd DrtWatson Logog file.
refer below

<DrtWatson Log 3>

ì‘ìš© í”„ë¡œê·¸ëž¨ ì˜ˆì™¸ ë°œìƒ:
ì‘ìš© í”„ë¡œê·¸ëž¨: C:\WINDOWS\system32\rundll32.exe (pid=1748)
ë‚ ì§œ: 2004-08-25 @ 07:45:07.067
ì˜ˆì™¸ ë²ˆí˜¸: c0000094 (0ìœ¼ë¡œ ë‚˜ëˆ”)

*----> ì‹œìŠ¤í…œ ì •ë³´ <----*
ì»´í“¨í„° ì´ë¦„: OEM-GGPLF1VIE8M
ì‚¬ìš©ìž ì´ë¦„: SYSTEM
í„°ë¯¸ë„ ì„œë¹„ìŠ¤ ì„¸ì…˜ Id: 0
í”„ë¡œì„¸ì„œ ìˆ˜: 1
í”„ë¡œì„¸ì„œ ìœ í˜•: x86 Family 6 Model 9 Stepping 8
Windows ë²„ì „: 5.1
í˜„ìž¬ ë¹Œë“œ: 2600
Service Pack: 1
í˜„ìž¬ ìœ í˜•: Uniprocessor Free
ë“±ë¡ëœ ì¡°ì§: OEM
ë“±ë¡ëœ ì†Œìœ ìž: OEM

*----> ìž‘ì—… ëª©ë¡ <----*
0 System Process
4 System
680 smss.exe
752 csrss.exe
776 winlogon.exe
824 services.exe
832 lsass.exe
984 svchost.exe
1084 svchost.exe
1228 svchost.exe
1240 svchost.exe
1248 Explorer.exe
1424 spoolsv.exe
1488 VTTimer.exe
1496 VTtrayp.exe
1748 rundll32.exe
1820 DUAgent.exe
1844 inetinfo.exe
1896 SCardSvr.exe
1984 snmp.exe
1512 drwtsn32.exe

*----> ëª¨ë“ˆ ëª©ë¡ <----*
(0000000000960000 - 000000000098b000: C:\WINDOWS\System32\msctfime.ime
(0000000000de0000 - 0000000000de4000: C:\WINDOWS\System32\EmbdTrst.DLL
(0000000001000000 - 000000000100a000: C:\WINDOWS\system32\rundll32.exe
(0000000010000000 - 0000000010036000: C:\WINDOWS\system32\VTRfLock.dll
(000000003a700000 - 000000003a718000: C:\WINDOWS\System32\imekr61.ime
(00000000559e0000 - 0000000055a51000: C:\WINDOWS\system32\themeui.dll
(0000000058ab0000 - 0000000058ad4000: C:\WINDOWS\System32\desk.cpl
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\system32\UxTheme.dll
(00000000629c0000 - 00000000629c8000: C:\WINDOWS\system32\LPK.DLL
(000000006b980000 - 000000006b9ca000: C:\WINDOWS\system32\VTCfg3d.dll
(000000006bb00000 - 000000006bb73000: C:\WINDOWS\system32\VTDisply.dll
(000000006be00000 - 000000006be57000: C:\WINDOWS\system32\VTGamma2.dll
(000000006c000000 - 000000006c03a000: C:\WINDOWS\system32\VTInfo2.dll
(000000006c200000 - 000000006c258000: C:\WINDOWS\system32\VTOvrlay.dll
(000000006c400000 - 000000006c4c2000: C:\WINDOWS\system32\VTChromo.dll
(000000006d3f0000 - 000000006d3f7000: C:\WINDOWS\system32\deskperf.dll
(000000006d400000 - 000000006d407000: C:\WINDOWS\system32\deskmon.dll
(000000006d410000 - 000000006d417000: C:\WINDOWS\system32\deskadp.dll
(0000000070a70000 - 0000000070ad5000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000071950000 - 0000000071a34000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
(0000000072fa0000 - 0000000072ffa000: C:\WINDOWS\system32\USP10.dll
(0000000074770000 - 00000000747ff000: C:\WINDOWS\system32\MLANG.dll
(0000000075150000 - 0000000075163000: C:\WINDOWS\system32\Cabinet.dll
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\apphelp.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076390000 - 00000000763ac000: C:\WINDOWS\System32\IMM32.DLL
(0000000076670000 - 0000000076757000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000076b40000 - 0000000076b6c000: C:\WINDOWS\system32\WINMM.dll
(0000000076c90000 - 0000000076cb2000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076f90000 - 0000000076fa0000: C:\WINDOWS\system32\Secur32.dll
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 00000000772d4000: C:\WINDOWS\System32\ole32.dll
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\comctl32.dll
(00000000773d0000 - 0000000077bc2000: C:\WINDOWS\system32\shell32.dll
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078087000: C:\WINDOWS\system32\RPCRT4.dll
(000000007c890000 - 000000007c911000: C:\WINDOWS\system32\CLBCATQ.DLL
(000000007e090000 - 000000007e0d1000: C:\WINDOWS\system32\GDI32.dll

*----> ìŠ¤ë ˆë“œ Id 0x6d8ì˜ ìƒíƒœ ë¤í”„ <----*

eax=0002b110 ebx=1d0a0279 ecx=00000000 edx=00000000 esi=00010136 edi=00000000
eip=6c005592 esp=0006da54 ebp=0006dc4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000216

*** WARNING: Unable to verify checksum for C:\WINDOWS\system32\VTInfo2.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\VTInfo2.dll -
í•¨ìˆ˜: VTInfo2!Ordinal4
6c005579 45 inc ebp
6c00557a 1499 adc al,0x99
6c00557c f7ff idiv edi
6c00557e 57 push edi
6c00557f 8b7d1c mov edi,[ebp+0x1c]
6c005582 897ddc mov [ebp-0x24],edi
6c005585 8945c8 mov [ebp-0x38],eax
6c005588 8b45b8 mov eax,[ebp-0x48]
6c00558b 69c090010000 imul eax,eax,0x190
6c005591 99 cdq
ì˜¤ë¥˜ -> 6c005592 f7f9 idiv ecx
6c005594 0fafc1 imul eax,ecx
6c005597 99 cdq
6c005598 59 pop ecx
6c005599 f7f9 idiv ecx
6c00559b 8b8d40ffffff mov ecx,[ebp-0xc0]
6c0055a1 6a10 push 0x10
6c0055a3 894dd8 mov [ebp-0x28],ecx
6c0055a6 8945d0 mov [ebp-0x30],eax
6c0055a9 8b8578ffffff mov eax,[ebp-0x88]
6c0055af 0faf4518 imul eax,[ebp+0x18]

*----> ìŠ¤íƒ ì— ì¶”ì <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\themeui.dll -
ChildEBP RetAddr Args to Child
0006dc4c 6c00f52f 00010136 1d0a0279 00000000 VTInfo2!Ordinal4+0x5592
0006dc70 77d43a50 00010136 00000601 00000000 VTInfo2+0xf52f
0006dc9c 77d4c675 6c00f35a 00010136 00000601 USER32+0x3a50
0006dd08 77d4c4e4 00000000 6c00f35a 00010136 USER32!CharLowerBuffA+0x404
0006dd50 77d4c6d1 00000000 00000601 00000000 USER32!CharLowerBuffA+0x273
0006dd94 77d43b1f 77d4c6b0 00010136 00000601 USER32!DefDlgProcA+0x21
0006ddfc 77d43d79 00000000 77d4c6b0 00010136 USER32+0x3b1f
0006de5c 77d43ddf 0006dec4 00000000 77d4b1f5 USER32!GetMessageW+0x125
0006de8c 71964add 00010110 004d65d0 00086808 USER32!DispatchMessageW+0xb
0006dea8 71966b69 000b9e20 0006dec4 000b9f44 comctl32!Ordinal164+0xafb
0006df00 71966d4d 000100ac 0000016c 00000000 comctl32!Ordinal164+0x2b87
0006df58 55a0428b 0006e604 00000111 00091ef0 comctl32!Ordinal164+0x2d6b
0006e5fc 00000800 00000034 00000101 000100ac themeui+0x2428b

*----> ë¡œ ìŠ¤íƒ ë¤í”„ <----*
000000000006da54 64 00 00 00 e4 dc 06 00 - 00 00 00 00 00 00 00 00
d...............
000000000006da64 f4 ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000006da74 90 01 00 00 00 00 00 a2 - 00 00 00 00 b1 bc b8 b2
.................
000000000006da84 00 00 00 00 c6 40 d4 77 - 88 db 06 00 b3 5f 96 71
[email protected]....._.q
000000000006da94 00 00 00 00 8c da 06 00 - 1c dc 06 00 f4 ff ff ff
.................
000000000006daa4 00 00 00 00 00 00 00 00 - 00 00 00 00 90 01 00 00
.................
000000000006dab4 00 00 00 a2 00 00 00 00 - b1 bc b8 b2 00 db 06 00
.................
000000000006dac4 b3 5f 96 71 00 00 00 00 - 91 c6 d4 77 4e 00 00 00
.._.q.......wN...
000000000006dad4 10 01 01 00 40 54 4d 00 - f5 ff ff ff 00 00 00 00
.....@TM.........
000000000006dae4 00 00 00 00 00 00 00 00 - 90 01 00 00 00 00 00 81
.................
000000000006daf4 00 00 00 00 4d 53 20 53 - 68 65 6c 6c 20 44 6c 67 ....MS
Shell Dlg
000000000006db04 00 00 00 00 d0 da 06 00 - 3d 00 00 00 ec dd 06 00
.........=.......
000000000006db14 40 db 06 00 0d 00 00 00 - 0b 00 00 00 02 00 00 00
@...............
000000000006db24 02 00 00 00 00 00 00 00 - 06 00 00 00 15 00 00 00
.................
000000000006db34 bc 02 00 00 00 00 00 00 - 60 00 00 00 60 00 00 00
.........`...`...
000000000006db44 1e ff 1f 20 00 00 00 27 - 81 db 06 00 f5 ff ff ff ...
....'........
000000000006db54 00 00 00 00 00 00 00 00 - 00 00 00 00 bc 02 00 00
.................
000000000006db64 00 00 00 81 00 00 00 00 - 4d 53 20 53 68 65 6c 6c
.........MS Shell
000000000006db74 20 44 6c 67 00 00 00 00 - f8 d5 08 00 d0 62 08 00
Dlg.........b..
000000000006db84 00 00 00 00 00 00 00 00 - 0c 00 00 00 0a 00 00 00
.................

*----> ìŠ¤ë ˆë“œ Id 0x6e0ì˜ ìƒíƒœ ë¤í”„ <----*

eax=77f883de ebx=00000000 ecx=77f53870 edx=00000000 esi=0006be40 edi=0006be3c
eip=7ffe0306 esp=00c6ff9c ebp=00c6ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246

í•¨ìˆ˜: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8d542408 lea edx,[esp+0x8]
7ffe0304 cd2e int 2e
7ffe0306 c3 ret
7ffe0307 8bd4 mov edx,esp
7ffe0309 0f34 sysenter
7ffe030b c3 ret
7ffe030c 9c pushfd
7ffe030d 810c2400010000 or dword ptr [esp],0x100
7ffe0314 9d popfd
7ffe0315 c3 ret
7ffe0316 8bd4 mov edx,esp
7ffe0318 0f05 syscall
7ffe031a c3 ret

*----> ìŠ¤íƒ ì— ì¶”ì <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\System32\ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\kernel32.dll -
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00c6ff98 77f5b7f4 77f88423 00000001 00c6ffac *SharedUserSystemCall+0xe (FPO:
[0,0,0])
00c6ffb4 77e7d33b 00000000 0006be3c 0006be40 ntdll!ZwDelayExecution+0xc
00c6ffec 00000000 77f883de 00000000 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> ë¡œ ìŠ¤íƒ ë¤í”„ <----*
0000000000c6ff9c f4 b7 f5 77 23 84 f8 77 - 01 00 00 00 ac ff c6 00
....w#..w........
0000000000c6ffac 00 00 00 00 00 00 00 80 - ec ff c6 00 3b d3 e7 77
.............;..w
0000000000c6ffbc 00 00 00 00 3c be 06 00 - 40 be 06 00 00 00 00 00
.....<...@.......
0000000000c6ffcc 00 00 00 00 00 d0 fd 7f - c0 ff c6 00 07 00 00 00
.................
0000000000c6ffdc ff ff ff ff 09 48 e9 77 - b8 3d e8 77 00 00 00 00
......H.w.=.w....
0000000000c6ffec 00 00 00 00 00 00 00 00 - de 83 f8 77 00 00 00 00
............w....
0000000000c6fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c7000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c7001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c7002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c7003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c7004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c7005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c7006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c7007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c7008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c7009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c700ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c700bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000c700cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> ìŠ¤ë ˆë“œ Id 0x6e4ì˜ ìƒíƒœ ë¤í”„ <----*

eax=00000000 ebx=00000000 ecx=77f59037 edx=00000000 esi=77fc59a0 edi=77fc59fc
eip=7ffe0306 esp=00caff70 ebp=00caffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000286

í•¨ìˆ˜: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8d542408 lea edx,[esp+0x8]
7ffe0304 cd2e int 2e
7ffe0306 c3 ret
7ffe0307 8bd4 mov edx,esp
7ffe0309 0f34 sysenter
7ffe030b c3 ret
7ffe030c 9c pushfd
7ffe030d 810c2400010000 or dword ptr [esp],0x100
7ffe0314 9d popfd
7ffe0315 c3 ret
7ffe0316 8bd4 mov edx,esp
7ffe0318 0f05 syscall
7ffe031a c3 ret

*----> ìŠ¤íƒ ì— ì¶”ì <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
ChildEBP RetAddr Args to Child
00caff6c 77f5c024 77f95b41 00000148 00caffac *SharedUserSystemCall+0xe (FPO:
[0,0,0])
00caffb4 77e7d33b 00000000 0006bed0 00080000 ntdll!ZwRemoveIoCompletion+0xc
00caffec 00000000 77f95b06 00000000 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> ë¡œ ìŠ¤íƒ ë¤í”„ <----*
0000000000caff70 24 c0 f5 77 41 5b f9 77 - 48 01 00 00 ac ff ca 00
$..wA[.wH.......
0000000000caff80 b0 ff ca 00 98 ff ca 00 - a0 ff ca 00 d0 be 06 00
.................
0000000000caff90 00 00 08 00 00 00 00 00 - 00 00 00 00 88 6a 09 00
..............j..
0000000000caffa0 00 7c 28 e8 ff ff ff ff - a4 8c 3b f5 26 61 f9 77
..|(.......;.&a.w
0000000000caffb0 a0 6a 09 00 ec ff ca 00 - 3b d3 e7 77 00 00 00 00
..j......;..w....
0000000000caffc0 d0 be 06 00 00 00 08 00 - 00 00 00 00 00 00 00 00
.................
0000000000caffd0 00 c0 fd 7f c0 ff ca 00 - 07 00 00 00 ff ff ff ff
.................
0000000000caffe0 09 48 e9 77 b8 3d e8 77 - 00 00 00 00 00 00 00 00
..H.w.=.w........
0000000000cafff0 00 00 00 00 06 5b f9 77 - 00 00 00 00 00 00 00 00
......[.w........
0000000000cb0000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0 01
.................
0000000000cb0010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00 00
.................
0000000000cb0020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00 00
.................
0000000000cb0030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00 00
.................
0000000000cb0040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00 00
.................
0000000000cb0050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000cb0060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff ff
.................
0000000000cb0070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000cb0080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000cb0090 23 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00 00
#......@........
0000000000cb00a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 40
................@

Guest · Aug 25, 2004

Dear KM:

Thank U for your help.
I tried to make a image following your help.
1)Changing window logon,
2)dependency check,
3)add the related components,
4)disable windows logon,
5)enable minlogon,

But during trying removing programs, the same error message pop-up.
Below, I'll attach the DrtWatson logfile during trying removing programs, I
runned fileregmon.
In the fileregmon, I couldn't find specific feature.
But there were DrtWatson program runs.
So I expect It would be help for debugging.
I also attach regmon log file during trying removing programs.

-------------------------below--------------------------------------------------------------
<DRTWATSON log 1>

ì‘ìš© í”„ë¡œê·¸ëž¨ ì˜ˆì™¸ ë°œìƒ:
ì‘ìš© í”„ë¡œê·¸ëž¨: C:\WINDOWS\system32\rundll32.exe (pid=1708)
ë‚ ì§œ: 2004-08-25 @ 07:42:30.554
ì˜ˆì™¸ ë²ˆí˜¸: 80000003 (í•˜ë“œì½”ë“œëœ ì¤‘ë‹¨ì )

*----> ì‹œìŠ¤í…œ ì •ë³´ <----*
ì»´í“¨í„° ì´ë¦„: OEM-GGPLF1VIE8M
ì‚¬ìš©ìž ì´ë¦„: SYSTEM
í„°ë¯¸ë„ ì„œë¹„ìŠ¤ ì„¸ì…˜ Id: 0
í”„ë¡œì„¸ì„œ ìˆ˜: 1
í”„ë¡œì„¸ì„œ ìœ í˜•: x86 Family 6 Model 9 Stepping 8
Windows ë²„ì „: 5.1
í˜„ìž¬ ë¹Œë“œ: 2600
Service Pack: 1
í˜„ìž¬ ìœ í˜•: Uniprocessor Free
ë“±ë¡ëœ ì¡°ì§: OEM
ë“±ë¡ëœ ì†Œìœ ìž: OEM

*----> ìž‘ì—… ëª©ë¡ <----*
0 System Process
4 System
712 smss.exe
760 csrss.exe
792 winlogon.exe
840 services.exe
848 lsass.exe
1008 svchost.exe
1108 svchost.exe
1224 svchost.exe
1236 svchost.exe
1340 Explorer.exe
1408 spoolsv.exe
1492 conime.exe
1768 DUAgent.exe
1792 inetinfo.exe
1832 SCardSvr.exe
1848 snmp.exe
1764 VTTimer.exe
1828 VTtrayp.exe
1560 cmd.exe
1708 rundll32.exe
1948 drwtsn32.exe

*----> ëª¨ë“ˆ ëª©ë¡ <----*
(0000000000960000 - 000000000098b000: C:\WINDOWS\System32\msctfime.ime
(0000000000dc0000 - 0000000000dc4000: C:\WINDOWS\System32\EmbdTrst.DLL
(0000000001000000 - 000000000100a000: C:\WINDOWS\system32\rundll32.exe
(000000003a700000 - 000000003a718000: C:\WINDOWS\System32\imekr61.ime
(0000000055900000 - 0000000055961000: C:\WINDOWS\system32\MSVCP60.dll
(0000000055c10000 - 0000000055cb1000: C:\WINDOWS\System32\appwiz.cpl
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\system32\UxTheme.dll

<DRTWATSON log 2>

ì‘ìš© í”„ë¡œê·¸ëž¨ ì˜ˆì™¸ ë°œìƒ:
ì‘ìš© í”„ë¡œê·¸ëž¨: C:\WINDOWS\system32\rundll32.exe (pid=612)
ë‚ ì§œ: 2004-08-25 @ 05:52:54.137
ì˜ˆì™¸ ë²ˆí˜¸: 80000003 (í•˜ë“œì½”ë“œëœ ì¤‘ë‹¨ì )

*----> ì‹œìŠ¤í…œ ì •ë³´ <----*
ì»´í“¨í„° ì´ë¦„: OEM-GGPLF1VIE8M
ì‚¬ìš©ìž ì´ë¦„: SYSTEM
í„°ë¯¸ë„ ì„œë¹„ìŠ¤ ì„¸ì…˜ Id: 0
í”„ë¡œì„¸ì„œ ìˆ˜: 1
í”„ë¡œì„¸ì„œ ìœ í˜•: x86 Family 6 Model 9 Stepping 8
Windows ë²„ì „: 5.1
í˜„ìž¬ ë¹Œë“œ: 2600
Service Pack: 1
í˜„ìž¬ ìœ í˜•: Uniprocessor Free
ë“±ë¡ëœ ì¡°ì§: OEM
ë“±ë¡ëœ ì†Œìœ ìž: OEM

*----> ìž‘ì—… ëª©ë¡ <----*
0 System Process
4 System
648 smss.exe
724 csrss.exe
776 winlogon.exe
816 services.exe
832 lsass.exe
984 svchost.exe
1084 svchost.exe
1228 cmd.exe
1240 svchost.exe
1260 svchost.exe
1296 conime.exe
1408 spoolsv.exe
1884 explorer.exe
2024 DUAgent.exe
116 inetinfo.exe
196 SCardSvr.exe
224 snmp.exe
612 rundll32.exe
740 Filemon.exe
808 WMIADAP.EXE
1008 drwtsn32.exe

*----> ëª¨ë“ˆ ëª©ë¡ <----*
(0000000000960000 - 000000000098b000: C:\WINDOWS\System32\msctfime.ime
(0000000000dc0000 - 0000000000dc4000: C:\WINDOWS\System32\EmbdTrst.DLL
(0000000001000000 - 000000000100a000: C:\WINDOWS\system32\rundll32.exe
(000000003a700000 - 000000003a718000: C:\WINDOWS\System32\imekr61.ime
(0000000055900000 - 0000000055961000: C:\WINDOWS\system32\MSVCP60.dll
(0000000055c10000 - 0000000055cb1000: C:\WINDOWS\System32\appwiz.cpl
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\system32\UxTheme.dll
(00000000629c0000 - 00000000629c8000: C:\WINDOWS\system32\LPK.DLL
(000000006c1b0000 - 000000006c1f4000: C:\WINDOWS\system32\DUSER.dll
(0000000070a70000 - 0000000070ad5000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000071950000 - 0000000071a34000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
(0000000071c20000 - 0000000071c6e000: C:\WINDOWS\system32\NETAPI32.DLL
(0000000072fa0000 - 0000000072ffa000: C:\WINDOWS\system32\USP10.dll
(0000000074c80000 - 0000000074cac000: C:\WINDOWS\system32\OLEACC.dll
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\apphelp.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076390000 - 00000000763ac000: C:\WINDOWS\System32\IMM32.DLL
(0000000076400000 - 0000000076601000: C:\WINDOWS\system32\MSI.DLL
(0000000076c90000 - 0000000076cb2000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076f90000 - 0000000076fa0000: C:\WINDOWS\system32\Secur32.dll
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 00000000772d4000: C:\WINDOWS\System32\ole32.dll
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\comctl32.dll
(00000000773d0000 - 0000000077bc2000: C:\WINDOWS\system32\shell32.dll
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078087000: C:\WINDOWS\system32\RPCRT4.dll
(000000007c890000 - 000000007c911000: C:\WINDOWS\system32\CLBCATQ.DLL
(000000007e090000 - 000000007e0d1000: C:\WINDOWS\system32\GDI32.dll

*----> ìŠ¤ë ˆë“œ Id 0x268ì˜ ìƒíƒœ ë¤í”„ <----*

eax=00000000 ebx=000205dc ecx=77f75c17 edx=0006d4db esi=0006d77c edi=0006d77c
eip=77f75a58 esp=0006d700 ebp=0006d73c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\System32\ntdll.dll -
í•¨ìˆ˜: ntdll!DbgBreakPoint
77f75a43 837de400 cmp dword ptr [ebp-0x1c],0x0
77f75a47 7408 jz ntdll!PropertyLengthAsVariant+0x58
(77f75a51)
77f75a49 ff75e4 push dword ptr [ebp-0x1c]
77f75a4c e8f9affeff call ntdll!LdrUnloadDll (77f60a4a)
77f75a51 c3 ret
ntdll!RtlSetUnicodeCallouts:
77f75a52 c20400 ret 0x4
77f75a55 cc int 3
77f75a56 cc int 3
77f75a57 cc int 3
ì˜¤ë¥˜ -> ntdll!DbgBreakPoint:
77f75a58 cc int 3
77f75a59 c3 ret
77f75a5a 8bff mov edi,edi
ntdll!DbgUserBreakPoint:
77f75a5c cc int 3
77f75a5d c3 ret
77f75a5e 8bff mov edi,edi
77f75a60 8b442404 mov eax,[esp+0x4]
77f75a64 cc int 3
77f75a65 c20400 ret 0x4
ntdll!vDbgPrintExWithPrefix:

*----> ìŠ¤íƒ ì— ì¶”ì <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\DUSER.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\System32\appwiz.cpl -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\shell32.dll -
*** ERROR: Module load completed but symbols could not be loaded for
C:\WINDOWS\system32\rundll32.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0006d73c 77f97873 0006d77c 77f97864 6c1d5b63 ntdll!DbgBreakPoint
0006e93c 6c1c6ccb 00c0db40 00db0024 6c1d3ee4
ntdll!RtlUnhandledExceptionFilter+0xe
0006e980 6c1c78e3 00c0db40 00db0024 00000000 DUSER!GetDebug+0x4a5b
0006e9dc 6c1c724a 00c0db40 0000000b 00000000 DUSER!GetDebug+0x5673
0006ea10 6c1c7521 00db0004 00000001 00db0004 DUSER!GetDebug+0x4fda
0006ea24 6c1c4208 00000001 0006ea98 6c1df8b6 DUSER!GetDebug+0x52b1
0006ea30 6c1df8b6 0009011c ffff0211 0006e9d8 DUSER!GetDebug+0x1f98
0006ea98 6c1db3f3 00000202 00000000 01180297 DUSER+0x2f8b6
0006eabc 77d43a50 00000000 00000202 00000000 DUSER+0x2b3f3
0006eae8 77d43b1f 6c1db3a8 0009011c 00000202 USER32+0x3a50
0006eb50 77d43d79 0008c430 6c1db3a8 0009011c USER32+0x3b1f
0006ebb0 77d43ddf 0006f3d4 00000000 55c22a70 USER32!GetMessageW+0x125
0006f410 55c30565 01090094 00000000 00090d68 USER32!DispatchMessageW+0xb
0006f424 55c31cec 00090094 00000000 0006f478
appwiz!WOW64Uninstall_RunDLLW+0x3719
0006f434 7740c31d 00090094 00000005 00000000 appwiz!CPlApplet+0x3d
0006f478 774154f6 00090d68 00090094 00000005 shell32!Ordinal128+0x259
0006fae8 774157ee 00090094 01000000 00090d68 shell32!SHFileOperation+0xfb1
0006ff18 0100178d 00090094 01000000 00085958 shell32!Control_RunDLLW+0x37
0006ff60 0100189a 01000000 00000000 00020622 rundll32+0x178d
0006ffc0 77e814c7 70a9f1ab 80000002 7ffdf000 rundll32+0x189a
0006fff0 00000000 01001818 00000000 78746341
kernel32!GetCurrentDirectoryW+0x44

*----> ë¡œ ìŠ¤íƒ ë¤í”„ <----*
000000000006d700 30 78 f9 77 10 1e 1b 6c - 7c d7 06 00 2c e9 06 00
0x.w...l|...,...
000000000006d710 0f 00 00 c0 c4 d7 06 00 - 00 00 a7 00 00 00 00 01
.................
000000000006d720 dc 05 02 00 04 d7 06 00 - 00 00 00 00 9c d7 06 00
.................
000000000006d730 f0 88 fa 77 10 39 f5 77 - ff ff ff ff 3c e9 06 00
....w.9.w....<...
000000000006d740 73 78 f9 77 7c d7 06 00 - 64 78 f9 77 63 5b 1d 6c
sx.w|...dx.wc[.l
000000000006d750 7c d7 06 00 00 00 00 00 - 43 6c 1c 6c 7c d7 06 00
|.......Cl.l|...
000000000006d760 fb 3e c3 77 84 d7 06 00 - 00 00 00 00 84 d7 06 00
..>.w............
000000000006d770 00 00 00 00 00 00 00 00 - 00 00 00 00 6c d8 06 00
.............l...
000000000006d780 84 d8 06 00 a8 d7 06 00 - 2e 17 fb 77 6c d8 06 00
............wl...
000000000006d790 2c e9 06 00 84 d8 06 00 - 44 d8 06 00 5c e5 06 00
,.......D...\...
000000000006d7a0 42 17 fb 77 2c e9 06 00 - 54 d8 06 00 00 17 fb 77
B..w,...T......w
000000000006d7b0 6c d8 06 00 2c e9 06 00 - 84 d8 06 00 44 d8 06 00
l...,.......D...
000000000006d7c0 30 c2 1d 6c 01 00 00 00 - 6c d8 06 00 2c e9 06 00
0..l....l...,...
000000000006d7d0 0d 79 f9 77 6c d8 06 00 - 2c e9 06 00 84 d8 06 00
..y.wl...,.......
000000000006d7e0 44 d8 06 00 30 c2 1d 6c - 00 00 00 00 6c d8 06 00
D...0..l....l...
000000000006d7f0 20 dc 06 00 1c 01 09 00 - 81 02 00 00 00 00 00 00
................
000000000006d800 40 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
@...............
000000000006d810 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000006d820 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000006d830 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> ìŠ¤ë ˆë“œ Id 0x270ì˜ ìƒíƒœ ë¤í”„ <----*

eax=ffffffff ebx=00aefe08 ecx=000933b8 edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0306 esp=00aefdc0 ebp=00aefe5c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246

í•¨ìˆ˜: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8d542408 lea edx,[esp+0x8]
7ffe0304 cd2e int 2e
7ffe0306 c3 ret
7ffe0307 8bd4 mov edx,esp
7ffe0309 0f34 sysenter
7ffe030b c3 ret
7ffe030c 9c pushfd
7ffe030d 810c2400010000 or dword ptr [esp],0x100
7ffe0314 9d popfd
7ffe0315 c3 ret
7ffe0316 8bd4 mov edx,esp
7ffe0318 0f05 syscall
7ffe031a c3 ret

*----> ìŠ¤íƒ ì— ì¶”ì <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\msvcrt.dll -
ChildEBP RetAddr Args to Child
00aefdbc 77f5c524 77e75ee0 00000002 00aefe08 *SharedUserSystemCall+0xe (FPO:
[0,0,0])
00aefe5c 77d463eb 00000002 00aefe84 00000000
ntdll!NtWaitForMultipleObjects+0xc
00aefeb8 6c1ddfe0 00000001 00aefeec ffffffff USER32!SetScrollInfo+0x21f
00aefed8 6c1de207 000004ff ffffffff 00000001 DUSER+0x2dfe0
00aeff0c 6c1d88af 00aeff4c 00000000 00000000 DUSER+0x2e207
00aeff2c 6c1d540e 00aeff4c 00000000 00000000 DUSER!GetMessageExA+0x42
00aeff80 77c37fb8 00000000 00000012 002b09e8 DUSER!DUserStopAnimation+0x90d5
00aeffb4 77e7d33b 002b3d38 00000012 002b09e8 msvcrt!endthreadex+0xa0
00aeffec 00000000 77c37f49 002b3d38 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> ë¡œ ìŠ¤íƒ ë¤í”„ <----*
0000000000aefdc0 24 c5 f5 77 e0 5e e7 77 - 02 00 00 00 08 fe ae 00
$..w.^.w........
0000000000aefdd0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000aefde0 02 00 00 00 04 00 00 00 - 02 00 00 00 00 00 00 00
.................
0000000000aefdf0 00 00 00 00 f1 ab e7 77 - 00 00 af 00 02 00 00 00
........w........
0000000000aefe00 00 f0 fd 7f 00 d0 fd 7f - d4 00 00 00 64 00 00 00
.............d...
0000000000aefe10 00 20 b6 00 24 6c 1c 6c - 00 20 b6 00 00 00 00 00 .
...$l.l. ......
0000000000aefe20 30 6c 1c 6c 00 00 00 00 - 08 fe ae 00 00 20 b6 00
0l.l......... ..
0000000000aefe30 14 00 00 00 01 00 00 00 - 38 1c 09 00 00 00 00 00
.........8.......
0000000000aefe40 00 00 00 00 dc fd ae 00 - 10 1e 1b 6c a4 ff ae 00
............l....
0000000000aefe50 09 48 e9 77 78 32 e8 77 - 00 00 00 00 b8 fe ae 00
..H.wx2.w........
0000000000aefe60 eb 63 d4 77 02 00 00 00 - 84 fe ae 00 00 00 00 00
..c.w............
0000000000aefe70 ff ff ff ff 00 00 00 00 - 70 c7 08 00 01 00 00 00
.........p.......
0000000000aefe80 4c ff ae 00 d4 00 00 00 - 64 00 00 00 ff ff ff ff
L.......d.......
0000000000aefe90 9f 03 1e 6c 70 ee 04 00 - b8 33 09 00 01 00 00 00
....lp....3......
0000000000aefea0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000aefeb0 00 d0 fd 7f 64 00 00 00 - d8 fe ae 00 e0 df 1d 6c
.....d..........l
0000000000aefec0 01 00 00 00 ec fe ae 00 - ff ff ff ff ff 04 00 00
.................
0000000000aefed0 84 fe ae 00 ff ff ff ff - 0c ff ae 00 07 e2 1d 6c
................l
0000000000aefee0 ff 04 00 00 ff ff ff ff - 01 00 00 00 d4 00 00 00
.................
0000000000aefef0 00 00 00 00 00 00 00 00 - 38 3d 2b 00 01 00 00 00
.........8=+.....

---------------------------below---------------------------------------------------------------

Thanks & Regards

KM · Aug 25, 2004

lins77,

I can't help you much here.

Looking at the log you posted (please post the log as a file attachment next
time) my only thought would be that the "Windows DirectUser Engine"
(duser.dll) is not intended to be used either under Local System (minlogon)
or just without explorer shell running. That may be the reason of the crash.

KM

Dear KM:

Thank U for your help.
I tried to make a image following your help.
1)Changing window logon,
2)dependency check,
3)add the related components,
4)disable windows logon,
5)enable minlogon,

But during trying removing programs, the same error message pop-up.
Below, I'll attach the DrtWatson logfile during trying removing programs, I
runned fileregmon.
In the fileregmon, I couldn't find specific feature.
But there were DrtWatson program runs.
So I expect It would be help for debugging.
I also attach regmon log file during trying removing programs.

-------------------------below-------------------------------------------- ------------------
<DRTWATSON log 1>

?? ???? ?? ??:
?? ????: C:\WINDOWS\system32\rundll32.exe (pid=1708)
??: 2004-08-25 @ 07:42:30.554
?? ??: 80000003 (????? ???)

*----> ??? ?? <----*
??? ??: OEM-GGPLF1VIE8M
??? ??: SYSTEM
??? ??? ?? Id: 0
???? ?: 1
???? ??: x86 Family 6 Model 9 Stepping 8
Windows ??: 5.1
?? ??: 2600
Service Pack: 1
?? ??: Uniprocessor Free
??? ??: OEM
??? ???: OEM

*----> ?? ?? <----*
0 System Process
4 System
712 smss.exe
760 csrss.exe
792 winlogon.exe
840 services.exe
848 lsass.exe
1008 svchost.exe
1108 svchost.exe
1224 svchost.exe
1236 svchost.exe
1340 Explorer.exe
1408 spoolsv.exe
1492 conime.exe
1768 DUAgent.exe
1792 inetinfo.exe
1832 SCardSvr.exe
1848 snmp.exe
1764 VTTimer.exe
1828 VTtrayp.exe
1560 cmd.exe
1708 rundll32.exe
1948 drwtsn32.exe

*----> ?? ?? <----*
(0000000000960000 - 000000000098b000: C:\WINDOWS\System32\msctfime.ime
(0000000000dc0000 - 0000000000dc4000: C:\WINDOWS\System32\EmbdTrst.DLL
(0000000001000000 - 000000000100a000: C:\WINDOWS\system32\rundll32.exe
(000000003a700000 - 000000003a718000: C:\WINDOWS\System32\imekr61.ime
(0000000055900000 - 0000000055961000: C:\WINDOWS\system32\MSVCP60.dll
(0000000055c10000 - 0000000055cb1000: C:\WINDOWS\System32\appwiz.cpl
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\system32\UxTheme.dll

<DRTWATSON log 2>

?? ???? ?? ??:
?? ????: C:\WINDOWS\system32\rundll32.exe (pid=612)
??: 2004-08-25 @ 05:52:54.137
?? ??: 80000003 (????? ???)

*----> ??? ?? <----*
??? ??: OEM-GGPLF1VIE8M
??? ??: SYSTEM
??? ??? ?? Id: 0
???? ?: 1
???? ??: x86 Family 6 Model 9 Stepping 8
Windows ??: 5.1
?? ??: 2600
Service Pack: 1
?? ??: Uniprocessor Free
??? ??: OEM
??? ???: OEM

*----> ?? ?? <----*
0 System Process
4 System
648 smss.exe
724 csrss.exe
776 winlogon.exe
816 services.exe
832 lsass.exe
984 svchost.exe
1084 svchost.exe
1228 cmd.exe
1240 svchost.exe
1260 svchost.exe
1296 conime.exe
1408 spoolsv.exe
1884 explorer.exe
2024 DUAgent.exe
116 inetinfo.exe
196 SCardSvr.exe
224 snmp.exe
612 rundll32.exe
740 Filemon.exe
808 WMIADAP.EXE
1008 drwtsn32.exe

*----> ?? ?? <----*
(0000000000960000 - 000000000098b000: C:\WINDOWS\System32\msctfime.ime
(0000000000dc0000 - 0000000000dc4000: C:\WINDOWS\System32\EmbdTrst.DLL
(0000000001000000 - 000000000100a000: C:\WINDOWS\system32\rundll32.exe
(000000003a700000 - 000000003a718000: C:\WINDOWS\System32\imekr61.ime
(0000000055900000 - 0000000055961000: C:\WINDOWS\system32\MSVCP60.dll
(0000000055c10000 - 0000000055cb1000: C:\WINDOWS\System32\appwiz.cpl
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\system32\UxTheme.dll
(00000000629c0000 - 00000000629c8000: C:\WINDOWS\system32\LPK.DLL
(000000006c1b0000 - 000000006c1f4000: C:\WINDOWS\system32\DUSER.dll
(0000000070a70000 - 0000000070ad5000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000071950000 - 0000000071a34000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0
..10.0_x-ww_f7fb5805\comctl32.dll
(0000000071c20000 - 0000000071c6e000: C:\WINDOWS\system32\NETAPI32.DLL
(0000000072fa0000 - 0000000072ffa000: C:\WINDOWS\system32\USP10.dll
(0000000074c80000 - 0000000074cac000: C:\WINDOWS\system32\OLEACC.dll
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\apphelp.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076390000 - 00000000763ac000: C:\WINDOWS\System32\IMM32.DLL
(0000000076400000 - 0000000076601000: C:\WINDOWS\system32\MSI.DLL
(0000000076c90000 - 0000000076cb2000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076f90000 - 0000000076fa0000: C:\WINDOWS\system32\Secur32.dll
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 00000000772d4000: C:\WINDOWS\System32\ole32.dll
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\comctl32.dll
(00000000773d0000 - 0000000077bc2000: C:\WINDOWS\system32\shell32.dll
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078087000: C:\WINDOWS\system32\RPCRT4.dll
(000000007c890000 - 000000007c911000: C:\WINDOWS\system32\CLBCATQ.DLL
(000000007e090000 - 000000007e0d1000: C:\WINDOWS\system32\GDI32.dll

*----> ??? Id 0x268? ?? ?? <----*

eax=00000000 ebx=000205dc ecx=77f75c17 edx=0006d4db esi=0006d77c edi=0006d77c
eip=77f75a58 esp=0006d700 ebp=0006d73c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\System32\ntdll.dll -
??: ntdll!DbgBreakPoint
77f75a43 837de400 cmp dword ptr [ebp-0x1c],0x0
77f75a47 7408 jz ntdll!PropertyLengthAsVariant+0x58
(77f75a51)
77f75a49 ff75e4 push dword ptr [ebp-0x1c]
77f75a4c e8f9affeff call ntdll!LdrUnloadDll (77f60a4a)
77f75a51 c3 ret
ntdll!RtlSetUnicodeCallouts:
77f75a52 c20400 ret 0x4
77f75a55 cc int 3
77f75a56 cc int 3
77f75a57 cc int 3
?? -> ntdll!DbgBreakPoint:
77f75a58 cc int 3
77f75a59 c3 ret
77f75a5a 8bff mov edi,edi
ntdll!DbgUserBreakPoint:
77f75a5c cc int 3
77f75a5d c3 ret
77f75a5e 8bff mov edi,edi
77f75a60 8b442404 mov eax,[esp+0x4]
77f75a64 cc int 3
77f75a65 c20400 ret 0x4
ntdll!vDbgPrintExWithPrefix:

*----> ?? ? ?? <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\DUSER.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\System32\appwiz.cpl -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\shell32.dll -
*** ERROR: Module load completed but symbols could not be loaded for
C:\WINDOWS\system32\rundll32.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0006d73c 77f97873 0006d77c 77f97864 6c1d5b63 ntdll!DbgBreakPoint
0006e93c 6c1c6ccb 00c0db40 00db0024 6c1d3ee4
ntdll!RtlUnhandledExceptionFilter+0xe
0006e980 6c1c78e3 00c0db40 00db0024 00000000 DUSER!GetDebug+0x4a5b
0006e9dc 6c1c724a 00c0db40 0000000b 00000000 DUSER!GetDebug+0x5673
0006ea10 6c1c7521 00db0004 00000001 00db0004 DUSER!GetDebug+0x4fda
0006ea24 6c1c4208 00000001 0006ea98 6c1df8b6 DUSER!GetDebug+0x52b1
0006ea30 6c1df8b6 0009011c ffff0211 0006e9d8 DUSER!GetDebug+0x1f98
0006ea98 6c1db3f3 00000202 00000000 01180297 DUSER+0x2f8b6
0006eabc 77d43a50 00000000 00000202 00000000 DUSER+0x2b3f3
0006eae8 77d43b1f 6c1db3a8 0009011c 00000202 USER32+0x3a50
0006eb50 77d43d79 0008c430 6c1db3a8 0009011c USER32+0x3b1f
0006ebb0 77d43ddf 0006f3d4 00000000 55c22a70 USER32!GetMessageW+0x125
0006f410 55c30565 01090094 00000000 00090d68 USER32!DispatchMessageW+0xb
0006f424 55c31cec 00090094 00000000 0006f478
appwiz!WOW64Uninstall_RunDLLW+0x3719
0006f434 7740c31d 00090094 00000005 00000000 appwiz!CPlApplet+0x3d
0006f478 774154f6 00090d68 00090094 00000005 shell32!Ordinal128+0x259
0006fae8 774157ee 00090094 01000000 00090d68 shell32!SHFileOperation+0xfb1
0006ff18 0100178d 00090094 01000000 00085958 shell32!Control_RunDLLW+0x37
0006ff60 0100189a 01000000 00000000 00020622 rundll32+0x178d
0006ffc0 77e814c7 70a9f1ab 80000002 7ffdf000 rundll32+0x189a
0006fff0 00000000 01001818 00000000 78746341
kernel32!GetCurrentDirectoryW+0x44

*----> ? ?? ?? <----*
000000000006d700 30 78 f9 77 10 1e 1b 6c - 7c d7 06 00 2c e9 06 00
0x.w...l|...,...
000000000006d710 0f 00 00 c0 c4 d7 06 00 - 00 00 a7 00 00 00 00 01
................
000000000006d720 dc 05 02 00 04 d7 06 00 - 00 00 00 00 9c d7 06 00
................
000000000006d730 f0 88 fa 77 10 39 f5 77 - ff ff ff ff 3c e9 06 00
...w.9.w....<...
000000000006d740 73 78 f9 77 7c d7 06 00 - 64 78 f9 77 63 5b 1d 6c
sx.w|...dx.wc[.l
000000000006d750 7c d7 06 00 00 00 00 00 - 43 6c 1c 6c 7c d7 06 00
|.......Cl.l|...
000000000006d760 fb 3e c3 77 84 d7 06 00 - 00 00 00 00 84 d7 06 00
.>.w............
000000000006d770 00 00 00 00 00 00 00 00 - 00 00 00 00 6c d8 06 00
............l...
000000000006d780 84 d8 06 00 a8 d7 06 00 - 2e 17 fb 77 6c d8 06 00
...........wl...
000000000006d790 2c e9 06 00 84 d8 06 00 - 44 d8 06 00 5c e5 06 00
,.......D...\...
000000000006d7a0 42 17 fb 77 2c e9 06 00 - 54 d8 06 00 00 17 fb 77
B..w,...T......w
000000000006d7b0 6c d8 06 00 2c e9 06 00 - 84 d8 06 00 44 d8 06 00
l...,.......D...
000000000006d7c0 30 c2 1d 6c 01 00 00 00 - 6c d8 06 00 2c e9 06 00
0..l....l...,...
000000000006d7d0 0d 79 f9 77 6c d8 06 00 - 2c e9 06 00 84 d8 06 00
.y.wl...,.......
000000000006d7e0 44 d8 06 00 30 c2 1d 6c - 00 00 00 00 6c d8 06 00
D...0..l....l...
000000000006d7f0 20 dc 06 00 1c 01 09 00 - 81 02 00 00 00 00 00 00
...............
000000000006d800 40 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
@...............
000000000006d810 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000006d820 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000006d830 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................

*----> ??? Id 0x270? ?? ?? <----*

eax=ffffffff ebx=00aefe08 ecx=000933b8 edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0306 esp=00aefdc0 ebp=00aefe5c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246

??: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8d542408 lea edx,[esp+0x8]
7ffe0304 cd2e int 2e
7ffe0306 c3 ret
7ffe0307 8bd4 mov edx,esp
7ffe0309 0f34 sysenter
7ffe030b c3 ret
7ffe030c 9c pushfd
7ffe030d 810c2400010000 or dword ptr [esp],0x100
7ffe0314 9d popfd
7ffe0315 c3 ret
7ffe0316 8bd4 mov edx,esp
7ffe0318 0f05 syscall
7ffe031a c3 ret

*----> ?? ? ?? <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\msvcrt.dll -
ChildEBP RetAddr Args to Child
00aefdbc 77f5c524 77e75ee0 00000002 00aefe08 *SharedUserSystemCall+0xe (FPO:
[0,0,0])
00aefe5c 77d463eb 00000002 00aefe84 00000000
ntdll!NtWaitForMultipleObjects+0xc
00aefeb8 6c1ddfe0 00000001 00aefeec ffffffff USER32!SetScrollInfo+0x21f
00aefed8 6c1de207 000004ff ffffffff 00000001 DUSER+0x2dfe0
00aeff0c 6c1d88af 00aeff4c 00000000 00000000 DUSER+0x2e207
00aeff2c 6c1d540e 00aeff4c 00000000 00000000 DUSER!GetMessageExA+0x42
00aeff80 77c37fb8 00000000 00000012 002b09e8 DUSER!DUserStopAnimation+0x90d5
00aeffb4 77e7d33b 002b3d38 00000012 002b09e8 msvcrt!endthreadex+0xa0
00aeffec 00000000 77c37f49 002b3d38 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> ? ?? ?? <----*
0000000000aefdc0 24 c5 f5 77 e0 5e e7 77 - 02 00 00 00 08 fe ae 00
$..w.^.w........
0000000000aefdd0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000aefde0 02 00 00 00 04 00 00 00 - 02 00 00 00 00 00 00 00
................
0000000000aefdf0 00 00 00 00 f1 ab e7 77 - 00 00 af 00 02 00 00 00
.......w........
0000000000aefe00 00 f0 fd 7f 00 d0 fd 7f - d4 00 00 00 64 00 00 00
............d...
0000000000aefe10 00 20 b6 00 24 6c 1c 6c - 00 20 b6 00 00 00 00 00 .
..$l.l. ......
0000000000aefe20 30 6c 1c 6c 00 00 00 00 - 08 fe ae 00 00 20 b6 00
0l.l......... ..
0000000000aefe30 14 00 00 00 01 00 00 00 - 38 1c 09 00 00 00 00 00
........8.......
0000000000aefe40 00 00 00 00 dc fd ae 00 - 10 1e 1b 6c a4 ff ae 00
...........l....
0000000000aefe50 09 48 e9 77 78 32 e8 77 - 00 00 00 00 b8 fe ae 00
.H.wx2.w........
0000000000aefe60 eb 63 d4 77 02 00 00 00 - 84 fe ae 00 00 00 00 00
.c.w............
0000000000aefe70 ff ff ff ff 00 00 00 00 - 70 c7 08 00 01 00 00 00
........p.......
0000000000aefe80 4c ff ae 00 d4 00 00 00 - 64 00 00 00 ff ff ff ff
L.......d.......
0000000000aefe90 9f 03 1e 6c 70 ee 04 00 - b8 33 09 00 01 00 00 00
...lp....3......
0000000000aefea0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
................
0000000000aefeb0 00 d0 fd 7f 64 00 00 00 - d8 fe ae 00 e0 df 1d 6c
....d..........l
0000000000aefec0 01 00 00 00 ec fe ae 00 - ff ff ff ff ff 04 00 00
................
0000000000aefed0 84 fe ae 00 ff ff ff ff - 0c ff ae 00 07 e2 1d 6c
...............l
0000000000aefee0 ff 04 00 00 ff ff ff ff - 01 00 00 00 d4 00 00 00
................
0000000000aefef0 00 00 00 00 00 00 00 00 - 38 3d 2b 00 01 00 00 00
........8=+.....

---------------------------below------------------------------------------ ---------------------

Thanks & Regards

Guest · Aug 25, 2004

I also wanto attach the file.
This board doesn't have that feature.

and when catch the DrWatson log file,
I already used the explorer shell.
When I build the explorer shell, and during capturing log file, I just
change the 'shell' registry value to cmd.exe.
and then I booted.
Actually before I changed the registry,
when boot explorer shell,
during removing programs,
the same error poped - up

Thanks & Regards

Slobodan Brcin \(eMVP\) · Aug 25, 2004

Hi,

I also wanto attach the file.
This board doesn't have that feature.

Actually your news reader does not have this option.

Use Outlook Express for posting messages.

Best regards,
Slobodan

During deleting program, error message come out (minlogon)

Guest

KM

KM

Guest

Guest

KM

Guest

Slobodan Brcin \(eMVP\)